Merge branch 'main' into fix/gitparse-binary

trufflesecurity · Feb 8, 2024 · 5cb5b15 · 5cb5b15
2 parents e37b84c + bbf1dec
commit 5cb5b15
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/action.yml b/action.yml
@@ -18,6 +18,10 @@ inputs:
     default: ''
     description: Extra args to be passed to the trufflehog cli.
     required: false
+  version:
+    default: 'latest'
+    description: Scan with this trufflehog cli version.
+    required: false
 branding:
   icon: "shield"
   color: "green"
@@ -32,6 +36,7 @@ runs:
       HEAD: ${{ inputs.head }}
       ARGS: ${{ inputs.extra_args }}
       COMMITS: ${{ toJson(github.event.commits) }}
+      VERSION: ${{ inputs.version }}
     run: |
       ##########################################
       ## ADVANCED USAGE                       ##
@@ -79,9 +84,9 @@ runs:
       fi
       ##########################################
       ##          Run TruffleHog              ##
-      ##########################################       
+      ##########################################
       docker run --rm -v "$REPO_PATH":/tmp -w /tmp \
-      ghcr.io/trufflesecurity/trufflehog:latest \
+      ghcr.io/trufflesecurity/trufflehog:${VERSION} \
       git file:///tmp/ \
       --since-commit \
       ${BASE:-''} \

diff --git a/pkg/engine/engine_test.go b/pkg/engine/engine_test.go
@@ -228,6 +228,10 @@ func TestEngine_VersionedDetectorsVerifiedSecrets(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
 	defer cancel()
 	testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4")
+	if err != nil {
+		t.Log("Failed to get secrets, likely running community-tests")
+		return
+	}
 	assert.NoError(t, err)
 	secretV2 := testSecrets.MustGetField("GITLABV2")
 	secretV1 := testSecrets.MustGetField("GITLAB")

diff --git a/pkg/output/github_actions.go b/pkg/output/github_actions.go
@@ -52,13 +52,13 @@ func (p *GitHubActionsPrinter) Print(_ context.Context, r *detectors.ResultWithM
 	h := sha256.New()
 	h.Write([]byte(key))
 	key = hex.EncodeToString(h.Sum(nil))
+	p.mu.Lock()
+	defer p.mu.Unlock()
 	if _, ok := dedupeCache[key]; ok {
 		return nil
 	}
 	dedupeCache[key] = struct{}{}
 
-	p.mu.Lock()
-	defer p.mu.Unlock()
 	message := fmt.Sprintf("Found %s %s result 🐷🔑\n", verifiedStatus, out.DetectorType)
 	if r.Result.DecoderType != detectorspb.DecoderType_PLAIN {
 		message = fmt.Sprintf("Found %s %s result with %s encoding 🐷🔑\n", verifiedStatus, out.DetectorType, out.DecoderType)